Re: [xmpp] Stephen Farrell's No Objection on draft-ietf-xmpp-posh-04: (with COMMENT)

Peter Saint-Andre - &yet <peter@andyet.net> Wed, 05 August 2015 22:55 UTC

To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
References: <20150805150244.8466.87044.idtracker@ietfa.amsl.com>
From: Peter Saint-Andre - &yet <peter@andyet.net>
Message-ID: <55C2945E.9010503@andyet.net>
Date: Wed, 5 Aug 2015 16:55:26 -0600
In-Reply-To: <20150805150244.8466.87044.idtracker@ietfa.amsl.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/xmpp/eZOOUs7GRVSzW8RGMYOhr2rOtGQ>
Cc: draft-ietf-xmpp-posh.shepherd@ietf.org, xmpp-chairs@ietf.org, xmpp@ietf.org, draft-ietf-xmpp-posh.ad@ietf.org, draft-ietf-xmpp-posh@ietf.org
Subject: Re: [xmpp] Stephen Farrell's No Objection on draft-ietf-xmpp-posh-04: (with COMMENT)

Hi Stephen, this is a quick reply because time is short here (also, I 
will be offline tomorrow and Friday).

On 8/5/15 9:02 AM, Stephen Farrell wrote:
> Stephen Farrell has entered the following ballot position for
> draft-ietf-xmpp-posh-04: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-xmpp-posh/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
>
>
> 3.1: fingerprints: sigh, I wish we could agree to just
> do this kind of thing a few times and not re-do it over
> and over and over (but we always do;-). RFC6920 could
> probably have been used there (caveat lector: that's an
> RFC I'm a co-author on).

Sorry, I should have thought of RFC 6920 in this context. :(

Matt and I will look at this. (He is offline this week so we won't be 
able to sync up until then.) We will also reach out to implementers 
because as I recall we chose this approach in part for ease of 
implementation.

> 3.1: fingerprints - your hash input here is the entire
> cert so the value will be out of date when a cert
> expires (or is revoked). While 3.3 makes clear that
> a match on any of these is ok, I think it'd be good
> to say here that the hashes may be of different certs.

Good points all.

> You do clarify in section 7, but I'd suggest moving
> section 7 into 3.1 myself. (I don't object if you
> prefer to not change though.)

I think that might be a sensible change.

> 3.2: A "MUST use HTTPS" statement might have been nice
> there. It's not absolutely needed but would maybe be
> something to help an implementer not get this wrong by
> just using some generic URL handling library without a
> check for scheme==https.

We have been assuming "MUST use HTTPS" but it seems that we didn't quite 
come out and say that.

> section 6: surely the cache expiry ought to be the earliest
> of the possibly two POST expires or the X.509 notAfter?

We were thinking specifically of HTTPS-related caching, but yes I 
certainly see your point!

> section 8: see my comments on draft-dna, I think the
> .well-known URIs should be here and not there. But
> it works as-is too, even if icky:-)

We had some debate about exactly where things belonged, but decided in 
the end that the xmpp-related registrations belonged in the -dna document.

> section 8: I dislike the "{servicedesc}" thing, but
> that's just me. Breaking down servicedesc further into
> "{service}.{proto}" is worse though, I don't get why
> that's a good idea at all, nor the "_" convention. If
> you want/need all that you should've just registered
> "posh" as a well-known and then said the rest of the
> pathname was whatever structure you needed and not
> possibly end up registering loads of DNA .well-known
> URLs.

See other thread.

> section 9: section 8 is IMO an IANA section, so you're
> fibbing here:-)

Section 8 doesn't make any requests of the IANA, so it doesn't feel like 
material for a standard IANA considerations section.

> - 11.2: odd one this but [HASH-NAMES] might be better
> in 11.1. I won't try force you to do that though as
> it may be messy.

I'm agnostic on that, I suppose.

Peter

-- 
Peter Saint-Andre
https://andyet.com/
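As an added illustration (not code from the draft or from either author), the checks raised in the thread fit together like this: fingerprints hashed over the whole certificate, any-match across fingerprints that may belong to different certificates, an https-only scheme check, and a cache lifetime bounded by both the POSH "expires" value and the certificate's notAfter. It assumes a simplified JSON shape (a "fingerprints" list of {algorithm: base64 digest} objects plus an "expires" lifetime in seconds) and uses arbitrary bytes in place of real DER certificates.

```python
import base64
import hashlib
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Hash algorithm names accepted by this illustration (assumed, not the
# registry the draft references).
HASHES = {"sha-256": hashlib.sha256, "sha-512": hashlib.sha512}


def posh_url_ok(url):
    """The 'MUST use HTTPS' check: a generic URL library will happily fetch
    http://, so the scheme is verified explicitly before any request."""
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.hostname)


def fingerprint(cert_der, alg):
    """Hash the entire certificate (section 3.1), base64-encoded."""
    return base64.b64encode(HASHES[alg](cert_der).digest()).decode("ascii")


def cert_matches(cert_der, fingerprints):
    """Any listed fingerprint may match; the entries may describe
    different certificates (e.g. the current one and its successor)."""
    for entry in fingerprints:
        for alg, value in entry.items():
            if alg in HASHES and fingerprint(cert_der, alg) == value:
                return True
    return False


def cache_until(fetched_at, expires_seconds, not_after):
    """Cache expiry is the earlier of the POSH lifetime and the cert's notAfter,
    so a hash of an expired certificate is not trusted past its lifetime."""
    return min(fetched_at + timedelta(seconds=expires_seconds), not_after)


# Constructed sample data: two fake "certificates" (not real DER) published
# together so that a rollover from CERT_A to CERT_B still verifies.
CERT_A = b"constructed-cert-A"
CERT_B = b"constructed-cert-B"
POSH_DOC = {
    "fingerprints": [{"sha-256": fingerprint(CERT_A, "sha-256")},
                     {"sha-256": fingerprint(CERT_B, "sha-256")}],
    "expires": 86400,
}
FETCHED_AT = datetime(2015, 8, 5, tzinfo=timezone.utc)
NOT_AFTER_SOON = FETCHED_AT + timedelta(hours=12)   # cert expires first
NOT_AFTER_LATE = FETCHED_AT + timedelta(days=365)   # POSH lifetime expires first
```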